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Amendments To the Claims: 

Please amend the claims as shown. Applicants reserve the right to pursue any 

canceled claims at a later date. 
1-7. (canceled) 

8. (currently amended) An automation network comprising: 
a first subnetwork comprising a first plurality of subscribers: 

a second subnetwork comprising a second plurality of subscribers including one or 
more process devices not configured to provide an end point of a secure tuimel the second 
plurality of subscribers including process devices taken fi:om the group consisting of an 
automation device, a measurement transducer. , an operating and moni toring device and a 
programming device; 

the network arranged to provide secure a rrangement for securing data transfer between 
gcccoo of a first subscriber or multi ple ones of the a pluralit>^ of firot subscribers arranged in 
tixea first sub-network of an automation network to and a second subscriber or multiple ones 
of the a plurality^ of Docond subscribers arranged in tiiea second sub-network-ef^^ 
automation network , 

with t he first subnetwork a rrangomont comprismg at least a first e ne-secure-switch 
connected upstream of the first subscriber or the multi ple ones of the pluralit\^ of firot 
subscribers arranged in the first subnetwork. 

with the second subnetwork comprising at least a sec ond secure-switch connected 
upstream of at least one process device not capable of prod ucing a tunnel end point, 

with the first and second secure switches configured for establishing a secure tunnel 
having two end points, the first end point being ui the first secure svyitch and the second 
end pomt being in the second secure svyitc ht o tho pocond oubporibor or the plurolit)^ of 
sooond oubporibera, the tunnel configured between the first and second subnetworks to 
securely ttansmit data via an insecure network, wherein a point-to-point connection is 
made between the first subscriber of the first subnetwork and the at least one process 
device not capable of producing a tunnel end point in the second subnetwork: 
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the secure-switch is an Ethernet switch and at least one port of the tunnel is a layer-S- 
port for establishing a tunnel end point in accordance with the Ipsec-protocol, and 

wherein, in addition to t he secure switch beingi s configured to estabMsh the secure 
tunnel roprosontative f or at least t he first subscribe r the connection is made or the plurality 
of first the and to allocato tho tuonol to tho firot oubaoribor or the plurality of firat 
oubooriboro using a subscriber address of the first subscribe r or tho plurality of firot 
subscriberg . 

9. (previously presented) The arrangement according to claim 8, further comprising a 
configuration tool for configuring the automation network, the configuration tool 
configured to generate parameter data related to the secure-switch and to automatically 
transmit the generated data to the secin-e-switch. 

10. (previously presented) The arrangement according to claim 8, wherein the secure- 
switch comprises at least one port configured as a WLAN end point for establishing a 
tuimel end point. 

11. (previously presented) The arrangement according to claim 8, wherein the secure- 
switch comprises at least one port configured to be used as a tunnel end point, the at least 
one point having a marker. 

12. (previously presented) The arrangement according to claim 11, wherein the marker 
is switchable. 



3 



Serial No. 10/564,211 

Atty. Doc. No. 2003P05103WOUS 

13. (currently amended) A secure-switch for securing data access of a first subscriber 
or a plurality of first subscribers arranged in a first sub-network of an automation network 
to a second subscriber or a plurality of second subscribers arranged in a second sub- 
network of the automation network, wherein 

the secure switch is configured to be connected upstream of the first subscriber or the 
plurality of first subscribers, and 

the secure switch is an Ethernet switch having at least one port embodied as a layer-3- 
port for establishing a first t unnel end point in accordance with the IPsec protocol, 

the secure switch comprising a Ssecure Gchannel Gconverter for establishing a tunnel 
to a second secure switch connected upstream of t he second subscriber or the plurality of 
second subscribers, the second secure switch being an Ethernet switch having at least one 
port embodied as a laver-3-port for establishin g a second tunnel end point in accordance 
with the IPsec protocol, the first and second tunnel endpoints defining afe e tunnel 
configured to securely transmit data via an insecure network, wherein the Ssecure 
Gchannel Gconverter is configured to estabUsh the tunnel representative for the first 
subscriber or the plurality of first subscribers and to allocate the ttmnel to the first 
subscriber or the plurality of first subscribers using a subscriber address of the first 
subscriber or the plurality of first subscribers , therebv effecting, in combination with the 
second secure switch, a point-to-point connection between at least the first subscriber and 
the second subscriber . 

14. (new) The network of claim 8 wherein, in addition to the secure switch being 
configured to establish the secure tunnel for at least the first subscriber, the connection is 
made using a subscriber address of the first subscriber and an address allocated to the at 
least one process device not capable of producing a tunnel end point in the second 
subnetwork, thereby effecting the point-to-point connection. 
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15. (new) The secure-switch of claim 13 further including a secure port, a plurality of 
non-secure ports, and a switch matrix, with the secure channel converter positioned 
between the secure port and the switch matrix and with the switch matrix positioned 
between the secure channel converter and the non-secure ports, so that all data passing 
through the secure port and into the secure switch pass through the secure channel 
converter before reaching an unsecured port. 



